MidnightBSD

Advisories for outray

CVE-2026-22819

Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H 1.6 4.2

Products Affected

Vendor Product Version
outray outray *
CVE-2026-22820

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.

Products Affected

Vendor Product Version
outray outray *